All Products
Search
Document Center

Key Management Service:Condition keys

Last Updated:Feb 10, 2025

Conditions define the requirements for a policy to take effect. You can configure condition keys in key policies, secret policies, and custom policies of Resource Access Management (RAM) to manage access to Key Management Service (KMS). This topic describes common condition keys of Alibaba Cloud and the condition keys supported by KMS.

Note

In the following examples, the Principal field is required for key and secret policies. If you use custom policies of RAM, you can leave the field empty.

Common condition keys of Alibaba Cloud

acs:SourceIp

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

acs:SourceIp

Allows you to manage permissions on API operations based on the source IP addresses in requests.

String

All KMS operations. For more information, see API overview.

IP addresses. Examples:

  • "126.34.XX.XX"

  • "2001:0db8:85a3:0000:0000:8a2e:XXXX:XXXX"

  • Custom policies of RAM

  • Key policies

  • Secret policies

Sample RAM policy

In the following example, only the IP address within the 116.62.XX.XX/24 range can be used to generate a data key.

{
    "Statement": [
        {
            "Action": "kms:GenerateDataKey",
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "acs:SourceIp": "116.62.XX.XX/24"
                }
            }
        }
    ],
    "Version": "1"
}

Sample key or secret policy

In the following example, only the RAM user ramuser1 can use an IP address within the 203.0.XX.XX range to initiate a request.

{
	"Version":"1",
	"Statement":[
		{
			"Sid":"kms policy",
			"Effect":"Allow",
			"Action":"kms:*",
			"Principal":{
				"RAM":[
					"acs:ram::1192853035****:user/ramuser1"
				]
			},
			"Resource":"*",
			"Condition":{
				"IpAddress":{
					"acs:SourceIp":[
						"203.0.XX.XX"
					]
				}
			}
		}
	]
}

acs:SourceVpc

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

acs:SourceVpc

Allows you to manage permissions on API operations based on the virtual private clouds (VPCs) in which clients reside. This condition key is valid only if a request is initiated from a VPC.

String

All KMS operations. For more information, see API overview.

IDs of VPCs. Example: vpc-bp1717bgs34gj****.

  • Custom policies of RAM

  • Key policies

  • Secret policies

Limits:

  • All Action elements in the Statement field of a policy must start with kms:. For example, valid Action elements can be "Action":"kms:*" and "Action":"kms:GenerateDataKey". "Action":"*" and "Action":"k*" are invalid.

  • This condition key is supported only in specific regions.

    Regions that support acs:SourceVpc

    Public cloud

    Category

    Region

    China

    China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Chengdu), and China (Hong Kong)

    Outside China

    Malaysia (Kuala Lumpur), Japan (Tokyo), Germany (Frankfurt), US (Virginia), US (Silicon Valley), Indonesia (Jakarta), UK (London), Philippines (Manila), Singapore, South Korea (Seoul), and Thailand (Bangkok)

In the following example of a key or secret policy, only the RAM user ramuser1 can initiate a request from the VPC vpc-bp1l8j1t3l3j5****.

{
    "Version": "1",
    "Statement": [
        {
            "Sid": "kms policy",
            "Effect": "Allow",
            "Action": "kms:*",
            "Principal": {
                "RAM": [
                    "acs:ram::1192853035****:user/ramuser1"
                ]
            },
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "acs:SourceVpc": [
                        "vpc-bp1l8j1t3l3j5****"
                    ]
                }
            }
        }
    ]
}

acs:VpcSourceIp

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

acs:VpcSourceIp

Allows you to manage permissions on API operations based on the source IP addresses in requests. This condition key is valid only if a request is initiated from a VPC.

String

All KMS operations. For more information, see API overview.

IP addresses from VPCs. Examples:

  • "126.34.XX.XX"

  • "2001:0db8:85a3:0000:0000:8a2e:XXXX:XXXX"

  • Custom policies of RAM

  • Key policies

  • Secret policies

Limit: This condition key is supported only in specific regions.

Regions that support acs:VpcSourceIp

Public cloud

Category

Region

China

China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Chengdu), and China (Hong Kong)

Outside China

Malaysia (Kuala Lumpur), Japan (Tokyo), Germany (Frankfurt), US (Virginia), US (Silicon Valley), Indonesia (Jakarta), UK (London), Philippines (Manila), Singapore, South Korea (Seoul), and Thailand (Bangkok)

Sample RAM policy

Only an IP address within the 172.168.XX.XX/24 range from the VPC vpc-bp1717bghfnkqg5wn**** can be used to initiate a request.

{
    "Statement": [
        {
            "Action": "kms:GenerateDataKey",
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "acs:SourceVpc": "vpc-bp1717bghfnkqg5wn****"
                },
                "IpAddress": {
                    "acs:VpcSourceIp": "172.168.**.**/24"
                }
            }
        }
    ],
    "Version": "1"
}

Sample key or secret policy

Only the RAM user ramuser1 can use an IP address within the VPC range 192.168.XX.XX to initiate a request.

{
    "Version": "1",
    "Statement": [
        {
            "Sid": "kms policy",
            "Effect": "Allow",
            "Action": "kms:*",
            "Principal": {
                "RAM": [
                    "acs:ram::1192853035****:user/ramuser1"
                ]
            },
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "acs:VpcSourceIp": [
                        "192.168.XX.XX"
                    ]
                }
            }
        }
    ]
}

acs:SecureTransport

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

acs:SecureTransport

Allows you to manage permissions on API operations based on HTTPS.

Boolean

All KMS operations. For more information, see API overview.

  • true

  • false

  • Custom policies of RAM

  • Key policies

  • Secret policies

Sample RAM policy

In the following example, if HTTPS is used, users can perform any operations on all KMS resources.

       {
         "Version": "1",
         "Statement": [
           {
             "Effect": "Allow",
             "Action": "kms:*",
             "Resource": "*",
             "Condition": {
               "Bool": {
                 "acs:SecureTransport": "true"
               }
             }
           }
         ]
       }

Sample key or secret policy

Only the RAM user ramuser1 can initiate a request over HTTPS.

{
    "Version": "1",
    "Statement": [
        {
            "Sid": "kms policy",
            "Effect": "Allow",
            "Action": "kms:*",
            "Principal": {
                "RAM": [
                    "acs:ram::1192853035****:user/ramuser1"
                ]
            },
            "Resource": "*",
            "Condition": {
                "Bool": {
                    "acs:SecureTransport": "true"
                }
            }
        }
    ]
}

acs:CurrentTime

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

acs:CurrentTime

Allows you to manage permissions on API operations based on the time when a server receives a request.

Date and time

All KMS operations. For more information, see API overview.

The value is displayed in UTC and in the ISO 8601 standard. 

Example: 2024-01-10T20:00:00+08:00 or 2024-01-10T12:00:00Z for 20:00 on January 10, 2024 (UTC+8).

  • Custom policies of RAM

  • Key policies

  • Secret policies

In the following example of a key or secret policy, only the RAM user ramuser1 can initiate a request before 2099-12-31T12:00:00Z.

{
    "Version": "1",
    "Statement": [
        {
            "Sid": "kms policy",
            "Effect": "Allow",
            "Action": "kms:*",
            "Principal": {
                "RAM": [
                    "acs:ram::1192853035****:user/ramuser1"
                ]
            },
            "Resource": "*",
            "Condition": {
                "DateLessThan": {
                    "acs:CurrentTime": "2099-12-31T12:00:00Z"
                }
            }
        }
    ]
}

acs:MFAPresent

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

acs:MFAPresent

Allows you to manage permissions on API operations based on whether multi-factor authentication (MFA) is enabled for console logon.

Boolean

All KMS operations. For more information, see API overview.

  • true

  • false

  • Custom policies of RAM

  • Key policies

  • Secret policies

In the following example of a key or secret policy, only the RAM user ramuser1 for whom MFA is enabled can initiate a request.

{
    "Version": "1",
    "Statement": [
        {
            "Sid": "kms policy",
            "Effect": "Allow",
            "Action": "kms:*",
            "Principal": {
                "RAM": [
                    "acs:ram::1192853035****:user/ramuser1"
                ]
            },
            "Resource": "*",
            "Condition": {
                "Bool": {
                    "acs:MFAPresent": [
                        "true"
                    ]
                }
            }
        }
    ]
}

Key-related condition keys

kms:tag

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:tag

Allows you to manage permissions on API operations based on key tags.

String

  • Encrypt

  • Decrypt

  • ReEncrypt

  • ExportDataKey

  • GenerateDataKey

  • GenerateDataKeyWithoutPlaintext

  • GenerateAndExportDataKey

  • AsymmetricDecrypt

  • AsymmetricEncrypt

  • AsymmetricSign

  • AsymmetricVerify

  • GetPublicKey

  • DescribeKey

  • UpdateKeyDescription

  • EnableKey

  • DisableKey

  • CancelKeyDeletion

  • ScheduleKeyDeletion

  • ImportKeyMaterial

  • GetParametersForImport

  • DeleteKeyMaterial

  • CreateKeyVersion

  • DescribeKeyVersion

  • ListKeyVersions

  • UpdateRotationPolicy

  • SetDeletionProtection

Custom key tag

  • Custom policies of RAM

  • Key policies

  • Secret policies

kms:EncryptionAlgorithm

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:EncryptionAlgorithm

Allows you to manage permissions on cryptographic operations based on encryption algorithms in requests.

String

  • Decrypt

  • Encrypt

  • GenerateDataKey

  • GenerateDataKeyWithoutPlaintext

  • ReEncrypt

  • AsymmetricDecrypt

  • AsymmetricEncrypt

  • ExportDataKey

  • GenerateAndExportDataKey

Encryption algorithm, such as SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_256, and ECIES_DH_SHA_1_XOR_HMAC.

For more information about the encryption algorithms supported by KMS, see Key types and specifications.

  • Custom policies of RAM

  • Key policies

In the following example, only a RAM user named key_ramuser1 can perform encryption, decryption, or re-encryption operations by using the RSAES_OAEP_SHA_256 algorithm. Only specified encryption algorithms can be used. This helps prevent the use of non-compliant or insecure encryption algorithms and ensure the secure and compliant use of encryption keys.

{
  "Sid": "Allow only one encryption algorithm with this asymmetric KMS key",
  "Effect": "Deny",
  "Principal": {
          "RAM": [
                    "acs:ram::119285303511****:user/key_ramuser1"
                ]
  },
  "Action": [
    "kms:Encrypt",
    "kms:Decrypt",
    "kms:ReEncrypt"
  ],
  "Resource": "*",
  "Condition": {
    "StringNotEquals": {
      "kms:EncryptionAlgorithm": "SYMMETRIC_DEFAULT"
    }
  }
}

kms:EncryptionContext:${EncryptionContextKey}

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:EncryptionContext:${EncryptionContextKey}

Allows you to manage permissions on symmetric keys in KMS based on encryption context in encryption operations.

You can configure permissions based on key-value pairs in encryption context.

String

  • Decrypt

  • Encrypt

  • GenerateDataKey

  • GenerateDataKeyWithoutPlaintext

  • ExportDataKey

  • GenerateAndExportDataKey

Custom encryption context

  • Custom policies of RAM

  • Key policies

In the following example, all RAM users of the 119285303511**** Alibaba Cloud account can generate a data key (kms:GenerateDataKey) when the value of the Project key in encryption context (kms:EncryptionContext) is ProjectA.

{
 "Effect": "Allow",
 "Principal": {
	 "RAM": [
	 "acs:ram::119285303511****:*"
	 ]
	},
 "Action": "kms:GenerateDataKey",
 "Resource": "*",
 "Condition": {
 "StringEquals": {
 "kms:EncryptionContext:Project": "ProjectA"
 }
 }
}

kms:EncryptionContextKeys

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:EncryptionContextKeys

Allows you to manage permissions on symmetric keys in KMS based on encryption context in encryption operations.

You can configure permissions based on keys in encryption context.

String array

  • Decrypt

  • Encrypt

  • GenerateDataKey

  • GenerateDataKeyWithoutPlaintext

  • ExportDataKey

  • GenerateAndExportDataKey

Keys in key-value pairs that are included in EncryptionContext

Key policies

In the following example, all RAM users of the 119285303511**** Alibaba Cloud account can generate a data key (kms:GenerateDataKey) when the Project key is included in encryption context (EncryptionContext).

{
 "Effect": "Allow",
 "Principal": {
	 "RAM": [
	 "acs:ram::119285303511****:*"
	 ]
	},
 "Action": "kms:GenerateDataKey",
 "Resource": "*",
 "Condition": {
 "StringEquals": {
 "kms:EncryptionContextKeys": "Project"
 }
 }
}

kms:ExpirationModel

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:ExpirationModel

Allows you to manage permissions on the ImportKeyMaterial operation based on the value of the ExpirationModel parameter in requests.

String

ImportKeyMaterial

  • KEY_MATERIAL_DOES_NOT_EXPIRE: Key material does not expire.

  • KEY_MATERIAL_EXPIRES: Key material expires.

  • Custom policies of RAM

  • Key policies

In the following example, all RAM users of the 119285303511**** Alibaba Cloud account can import key material (kms:ImportKeyMaterial) only when the value of kms:ExpirationModel is KEY_MATERIAL_DOES_NOT_EXPIRE.

{
  "Effect": "Allow",
  "Principal": {
    "RAM": [
      "acs:ram::119285303511****:*"
      ]
  },
  "Action": "kms:ImportKeyMaterial",
  "Resource": "*",
  "Condition": {
    "StringEquals": {
      "kms:ExpirationModel": "KEY_MATERIAL_DOES_NOT_EXPIRE"
    }
  }
}

kms:ValidTo

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:ValidTo

Allows you to manage permissions on the ImportKeyMaterial operation based on the value of the ValidTo parameter in requests.

You can use the condition key to allow users to import key material only before a specific date.

Date

ImportKeyMaterial

UNIX timestamp

  • Custom policies of RAM

  • Key policies

In the following example, all RAM users of the 119285303511**** Alibaba Cloud account can import key material only before June 20, 2024.

{
  "Effect": "Allow",
  "Principal": {
    "RAM":[
       "acs:ram::119285303511****:*"
      ]
  },
  "Action": "kms:ImportKeyMaterial",
  "Resource": "*",
  "Condition": {
    "NumericLessThanEquals": {
      "kms:ValidTo": "1718841600"
    }
  }
}

kms:KeyOrigin

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:KeyOrigin

Allows you to manage permissions on API operations based on the Origin attribute of keys.

You can use the condition key to manage permissions on the CreateKey operation or on key-related operations.

String

All key-related operations. For more information, see API overview.

  • Aliyun_KMS

  • EXTERNAL

  • KmsInstance

  • Custom policies of RAM

  • Key policies

kms:KeySpec

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:KeySpec

Allows you to manage permissions on API operations based on the KeySpec attribute of keys.

String

All key-related operations. For more information, see API overview.

Key specifications. Examples: Aliyun_AES_256 and RSA_2048.

For more information about the encryption algorithms supported by KMS, see Key types and specifications.

  • Custom policies of RAM

  • Key policies

In the following example, all RAM users and RAM roles of the 119285303511**** Alibaba Cloud account can create only RSA keys (kms:CreateKey).

{
  "Effect": "Allow",
  "Action": "kms:CreateKey",
  "Principal": {
    "RAM": [
      "acs:ram::119285303511****:*"
      ]
  },
  "Resource": "*",
  "Condition": {
    "StringLike": {
      "kms:KeySpec": "RSA_*"
    }
  }
}

kms:KeyUsage

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:KeyUsage

Allows you to manage permissions on API operations based on the KeyUsage attribute of keys.

String

All key-related operations. For more information, see API overview.

  • ENCRYPT_DECRYPT: encryption and decryption

  • SIGN_VERIFY: signing and verification

  • Custom policies of RAM

  • Key policies

In the following example, only keys whose purpose is ENCRYPT_DECRYPT can be created (kms:CreateKey).

{
  "Effect": "Allow",
  "Action": "kms:CreateKey",
  "Resource": "*",
  "Condition": {
    "StringEquals": {
      "kms:KeyUsage": "ENCRYPT_DECRYPT"
    }
  }
}

kms:ScheduleKeyDeletionPendingWindowInDays

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:ScheduleKeyDeletionPendingWindowInDays

Allows you to manage permissions on the ScheduleKeyDeletion operation based on the value of the PendingWindowInDays parameter in requests.

Numeric value

ScheduleKeyDeletion

Scheduled deletion period of a key. Unit: days.

  • Custom policies of RAM

  • Key policies

In the following example, if the scheduled deletion period for a key is less than or equal to 21 days, all users and roles cannot schedule a deletion task of the key (kms:ScheduleKeyDeletion).

{
  "Effect": "Deny",
  "Action": "kms:ScheduleKeyDeletion",
  "Principal": "*",
  "Resource": "*",
  "Condition": {
    "NumericLessThanEquals": {
      "kms:ScheduleKeyDeletionPendingWindowInDays": "21"
    }
  }
}

kms:SigningAlgorithm

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:SigningAlgorithm

Allows you to manage permissions on the Sign and Verify operations based on signing algorithms in requests.

String

  • AsymmetricSign

  • AsymmetricVerify

Signing algorithm. Examples: RSA_PSS_SHA_256 and ECDSA_SHA_256.

For more information about the supported signing algorithms, see Key types and specifications.

  • Custom policies of RAM

  • Key policies

kms:WrappingAlgorithm

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:WrappingAlgorithm

Allows you to manage permissions on the GetParametersForImport operation based on the value of the WrappingAlgorithm parameter in requests.

String

GetParametersForImport

Wrapping algorithm.

For more information about the wrapping algorithms supported by KMS, see Import key material into a symmetric key and Import key material into an asymmetric key.

  • Custom policies of RAM

  • Key policies

kms:WrappingKeySpec

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:WrappingKeySpec

Allows you to manage permissions on the GetParametersForImport operation based on the value of the WrappingKeySpec parameter in requests.

String

GetParametersForImport

Type of a wrapping public key.

For more information about the types of wrapping public keys supported by KMS, see Import key material into a symmetric key and Import key material into an asymmetric key.

  • Custom policies of RAM

  • Key policies

Secret-related condition keys

kms:tag

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:tag

Allows you to manage permissions on API operations based on secret tags.

String

  • DescribeSecret

  • GetSecretValue

  • PutSecretValue

  • UpdateSecret

  • UpdateSecretVersionStage

  • RestoreSecret

  • ListSecretVersionIds

  • RotateSecret

  • UpdateSecretRotationPolicy

  • DeleteSecret

Custom secret tag

  • Custom policies of RAM

  • Secret policies

  • Key policies

kms:SecretName

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:SecretName

Allows you to manage permissions on API operations based on the value of the Secretname parameter.

String

All secret-related operations. For more information, see API overview.

Custom secret name

  • Custom policies of RAM

  • Secret policies

kms:EncryptionKeyId

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:EncryptionKeyId

Allows you to manage permissions on API operations based on the IDs of encryption keys in secret access requests.

String

  • CreateSecret

  • GetSecretValue

  • PutSecretValue

Key ID

  • Custom policies of RAM

  • Secret policies

kms:SecretVersionId

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:SecretVersionId

Allows you to manage permissions on API operations based on the unique secret version IDs in requests.

String

  • GetSecretValue

  • PutSecretValue

Secret version ID

  • Custom policies of RAM

  • Secret policies

kms:SecretVersionStage

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:SecretVersionStage

Allows you to manage permissions on API operations based on the secret version status in requests.

String

  • GetSecretValue

  • UpdateSecretVersionStage

  • ACSCurrent

  • ACSPrevious

  • Custom secret version status

  • Custom policies of RAM

  • Secret policies

kms:SecretType

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:SecretType

Allows you to manage permissions on API operations based on the secret types in requests.

String

All secret-related operations. For more information, see API overview.

  • Generic: generic secret

  • Generic: ApsaraDB RDS secret

  • RAMCredentials: RAM secret

  • ECS: Elastic Compute Service (ECS) secret

  • Redis: ApsaraDB for Redis secret

  • Custom policies of RAM

  • Secret policies

kms:ForceDeleteWithoutRecovery

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:ForceDeleteWithoutRecovery

Specifies whether to forcefully delete the secret. A forcefully deleted secret cannot be recovered.

Boolean

DeleteSecret

  • true

  • false

  • Custom policies of RAM

  • Secret policies

kms:RecoveryWindowInDays

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:RecoveryWindowInDays

Specifies the recovery period of a secret if you do not forcibly delete the secret. Unit: days.

Numeric value

DeleteSecret

Number of days

  • Custom policies of RAM

  • Secret policies

In the following example, if the recovery period of a secret is less than or equal to 10 days, all users and roles cannot delete the secret (kms:DeleteSecret).

{
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "kms:DeleteSecret",
      "Principal": "*",
      "Resource": "*",
      "Condition": {
        "NumericLessThanEquals": {
          "kms:RecoveryWindowInDays": "10"
        }
      }
    }
  ]
}

Other condition keys supported by KMS

kms:TlsVersion

Condition key

Description

Conditional operator category

API operation

Valid value

Policy type

kms:TlsVersion

Allows you to manage permissions on API operations based on TLS versions in requests.

String

All authentication-related operations.

Note

Operations that do not involve authentication include DescribeRegions.

1.2

  • Custom policies of RAM

  • Key policies

  • Secret policies

In the following example, if the TLS version in a request is earlier than 1.2, all operations cannot be performed on the specified keys.

{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "kms:*",
            "Resource": "acs:kms:*:*:key/key-hzz653f1f8fybn5qa****",
            "Condition": {
                "NumericLessThan": {
                    "kms:TlsVersion": [
                        "1.2"
                    ]
                }
            }
        }
    ]
}

Appendix 1: Conditional operator categories

Conditional operators can be classified into the following categories: string, number, date and time, Boolean, and IP address.

Category

Conditional operator

String

  • StringEquals

  • StringNotEquals

  • StringEqualsIgnoreCase

  • StringNotEqualsIgnoreCase

  • StringLike

  • StringNotLike

Number

  • NumericEquals

  • NumericNotEquals

  • NumericLessThan

  • NumericLessThanEquals

  • NumericGreaterThan

  • NumericGreaterThanEquals

Date and time

  • DateEquals

  • DateNotEquals

  • DateLessThan

  • DateLessThanEquals

  • DateGreaterThan

  • DateGreaterThanEquals

Boolean

Bool

IP address

  • IpAddress

  • NotIpAddress